$OpenBSD: patch-mozilla_netwerk_protocol_http_Http2Session_cpp,v 1.1 2017/01/06 22:14:07 landry Exp $

Bug 1290037: Fix HTTP/2 with nss 3.28.
https://hg.mozilla.org/mozilla-central/rev/361ac226da2a

--- mozilla/netwerk/protocol/http/Http2Session.cpp.orig	Wed Dec 14 03:10:00 2016
+++ mozilla/netwerk/protocol/http/Http2Session.cpp	Fri Jan  6 20:41:48 2017
@@ -3542,8 +3542,8 @@ Http2Session::ConfirmTLSProfile()
     LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
           this, keybits));
     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
-  } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
-    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
+  } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
+    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
           this, keybits));
     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
   }
